Snort rule update for April 29, 2021

Cisco Talos just released the latest SNORTⓇ rule update.

Thursday's release includes protection against the exploitation of a recently disclosed vulnerability in Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software. An adversary could exploit this vulnerability to cause a denial-of-service condition on a client's VPN connection if they're using an affected version of the Cisco Secure Client. 

Here's a breakdown of this rule release:

Shared object rules	Modified shared object rules	New rules	Modified rules
3	0	6	3

Snort rule update for April 27, 2021

 Cisco Talos released the latest SNORT® rule update Tuesday morning.

Today's release includes several new rules to protect against attacks from the LemonDuck threat group. Talos first discovered LemonDuck spreading cryptocurrency miners, but it has now shifted to targeting vulnerable Microsoft Exchange Servers to deploy ransomware.

Here's a breakdown of Tuesday's rule release:

Shared object rules	Modified shared object rules	New rules	Modified rules
6	0	6	12

Recording: Snort 3 and me — an introduction and overview

 

Our first entry in the "Snort 3 and me" webinar series is the perfect place to start if you've never worked with Snort 3 before.

If you missed our presentation from earlier this week, we've uploaded the full version to the Cisco Talos YouTube channel. You can also check it out above.

Stay tuned for more information on the next entry in our webinar series.

2.9.8.3 Shared Object end-of-life

Attention users of SNORTⓇ version 2.9.8.3: This serves as your official end-of-life notification. However, this EOL notification is a bit unique.  

We will be moving to an “end of life” for shared object rules for Snort version 2.9.8.3 in 90 days, (July 20, 2021).  After that, for an indeterminate amount of time after July 20, we will only be supporting 2.9.8.3 for plain text rules. 

If you are using version 2.9.8.3, you should immediately start making plans to move off of that version altogether. 

Please see our other announcement recently on the EOL of 2.9.15.0 and 2.9.16.0. 

Snort rule update for April 20, 2021

Cisco Talos released the latest SNORT® rule update Tuesday afternoon.

Today's release includes several rules to protect against the exploitation of a recently discovered vulnerability in the VMware View Planner virtual desktop deployment platform. An attacker could use this vulnerability to gain the ability to execute remote code on the victim machine.

There is also one rule preventing the Remcos RAT from making an outbound connection to its command and control server. Remcos is recently known for being attached to COVID-19-themed spam campaigns. 

Here's a breakdown of Tuesday's rule release:

Shared object rules	Modified shared object rules	New rules	Modified rules
0	0	9	2

Snort rule update for April 15, 2021

Cisco Talos released the newest rule update for SNORTⓇ this morning.

Thursday's rule release includes several new rules to protect against the Raindrop malware. This threat was recently discovered being deployed by actors exploiting the well-known vulnerabilities in SolarWinds. This supply chain attack targeted many high-profile organizations and government agencies.

Here's a breakdown of today's rule release:

Shared object rules	Modified shared object rules	New rules	Modified rules
2	0	13	7

Snort rule update for April 13, 2021 — Microsoft Patch Tuesday

 The latest SNORT® rule release from Cisco Talos has arrived. This new round of rules provides coverage for many of the vulnerabilities covered in Microsoft Patch Tuesday.

For more details on the vulnerabilities Microsoft disclosed this month, head to the Talos blog.

Here's a breakdown of this afternoon's rule release:

Shared object rules	Modified shared object rules	New rules	Modified rules
1	1	11	0

New "Snort 3 and me" webinar series launches on April 20

Have you upgraded to Snort 3 yet? Want to learn how to transition?

With Snort 3, rules are faster and more efficient, users have more control over their Snort experience, and it runs on multiple environments and operating systems.

To help you make the switch, we're launching a new series of webinars with the help of the Snort product team and our friends across Cisco. 

To kick things off, Alex Tatistcheff, a technical marketing manager for Cisco, will be holding a presentation on Snort 3 on April 20 at 11 a.m. ET. Alex will address specific questions anyone has about Snort 3 and walk you through how to have a successful migration to Snort 3. You can register for this webinar here.

Alex is the author of the book "Essential Firepower: Your best practice guide to configuring Cisco's Next Generation Firewall" and is an expert on all things Snort.

Snort rule update for April 1, 2021

The latest SNORTⓇ rule update is available this morning, courtesy of Cisco Talos.

Here's a breakdown of today's rule release:

Shared object rules	Modified shared object rules	New rules	Modified rules
0	1	6	32

Applications open now for Snort scholarship

Applications are now open for the $10,000 Snort scholarship. We encourage everyone who is eligible to apply here. We will be accepting applications through the end of the month.

After that, our hand-picked panel will look at the submissions and select two students to receive a $10,000 award each.

For more detailed instructions on how to apply, check out the video below.